@solid/jose

JSON Object Signing and Encryption (JOSE) (@solid/jose)

Lightweight isomorphic JSON Object Signing and Encryption (JOSE) library for browser and Node.js

Table of Contents

• Security
• Background
• Install
• Usage
• License

Security

TBD

Background

• Based on Webcrypto API
• Isomorphic (Node.js and Browser)

Install

Requires Node.js 8+.

npm install @solid/jose

Usage

Building with Webpack

Important: If you're using this library as a dependency and you plan to use Webpack, don't forget to add the following lines to your webpack.config.js externals: section:

  externals: {
    '@sinonjs/text-encoding': 'TextEncoder',
    'isomorphic-webcrypto': 'crypto'
  }

In Node

const { JWT } = require('@solid/jose')

const decoded = JWT.decode(data) // throws an error if invalid

In Browser

If you npm install @solid/jose as a dependency, the Webpack'd minified bundle will be available in the dist/ directory as jose.min.js.

If you're actively developing/testing this lib, you can npm run dist, and the bundle will be rebuilt.

To use in the browser, simply import the bundle in a <script> tag, and the lib will be loaded into the window.JOSE global variable.

Example test.html file, to illustrate:

<html>
<head>
  <script src="dist/jose.min.js"></script>
  <script>
    // You can now start using the library
    let jwt = new JOSE.JWT({
      header: { alg: 'HS256' },
      payload: { iss: 'https://forge.anvil.io' }
    })
  </script>
</head>
<body>
Sample usage of JOSE lib in a browser.
</body>
</html>

Testing

Nodejs

$ npm test

License

The MIT License

Copyright (c) 2016 Anvil Research, Inc. Copyright (c) 2017-2019 The Solid Project